CVE-2022-4125

The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF check when creating/updating popups, and is missing sanitisation as well as escaping, which could allow unauthenticated attackers to create arbitrary popups and add Stored XSS payloads as well
References
Configurations

Configuration 1

cpe:2.3:a:popup_manager_project:popup_manager:*:*:*:*:*:wordpress:*:*

Information

Published : 2022-12-19 02:15

Updated : 2022-12-22 10:08


NVD link : CVE-2022-4125

Mitre link : CVE-2022-4125

Products Affected
No products.
CWE